Remember to add the tag: [[Category:OWASP PHP Project]] to the end of new articles so that they're properly categorised.

PHP Security Overview

It is not easy to produce a PHP application without security vulnerabilities. Most application security vulnerabilities apply to PHP applications just like other environments.

The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the OWASP PHP Table of Contents

This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more.